彙總 nortekcontrol 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
已披露問題常與 CSRF、跨站腳本與記憶體損壞 相關,可能在 生產負載與軟體部署 場景中帶來 記憶體損壞與應用程式崩潰 等暴露風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2022-31798 | Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /card_scan.php?CardFormatNo= XSS with session fixation (via PHPSESSID) when they are chained together. This would allow an attacker to take over an admin account or a user account. | [email protected] | 6.1 | 6.65% | 2022-08-25 | 2026-06-17 |
| CVE-2022-31499 | Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject OS commands via ReaderNo. NOTE: this issue exists because of an incomplete fix for CVE-2019-7256. | [email protected] | 9.8 | 64.59% | 2022-08-25 | 2026-06-17 |
| CVE-2022-31269 | Nortek Linear eMerge E3-Series devices through 0.32-09c place admin credentials in /test.txt that allow an attacker to open a building's doors. (This occurs in situations where the CVE-2019-7271 default credentials have been changed.) | [email protected] | 8.2 | 5.05% | 2022-08-25 | 2026-06-17 |
| CVE-2019-7258 | Linear eMerge E3-Series devices allow Privilege Escalation. | [email protected] | 8.8 | 19.61% | 2019-07-02 | 2026-06-16 |
| CVE-2019-7257 | Linear eMerge E3-Series devices allow Unrestricted File Upload. | [email protected] | 10.0 | 69.99% | 2019-07-02 | 2026-06-16 |
| CVE-2019-7256 KEV | Linear eMerge E3-Series devices allow Command Injections. | [email protected] | 9.8 | 97.14% | 2019-07-02 | 2026-06-16 |
| CVE-2019-7255 | Linear eMerge E3-Series devices allow XSS. | [email protected] | 6.1 | 55.81% | 2019-07-02 | 2026-06-16 |
| CVE-2019-7254 | Linear eMerge E3-Series devices allow File Inclusion. | [email protected] | 7.5 | 82.04% | 2019-07-02 | 2026-06-16 |
| CVE-2019-7253 | Linear eMerge E3-Series devices allow Directory Traversal. | [email protected] | 9.8 | 3.01% | 2019-07-02 | 2026-06-16 |
| CVE-2019-7252 | Linear eMerge E3-Series devices have Default Credentials. | [email protected] | 9.8 | 4.85% | 2019-07-02 | 2026-06-16 |
| CVE-2019-7262 | Linear eMerge E3-Series devices allow Cross-Site Request Forgery (CSRF). | [email protected] | 8.8 | 16.28% | 2019-07-02 | 2026-06-16 |
| CVE-2019-7261 | Linear eMerge E3-Series devices have Hard-coded Credentials. | [email protected] | 9.8 | 5.47% | 2019-07-02 | 2026-06-16 |
| CVE-2019-7260 | Linear eMerge E3-Series devices have Cleartext Credentials in a Database. | [email protected] | 9.8 | 6.63% | 2019-07-02 | 2026-06-16 |
| CVE-2019-7259 | Linear eMerge E3-Series devices allow Authorization Bypass with Information Disclosure. | [email protected] | 8.8 | 13.18% | 2019-07-02 | 2026-06-16 |
| CVE-2019-7270 | Linear eMerge 50P/5000P devices allow Cross-Site Request Forgery (CSRF). | [email protected] | 8.8 | 1.14% | 2019-07-02 | 2026-06-16 |
| CVE-2019-7269 | Linear eMerge 50P/5000P devices allow Authenticated Command Injection with root Code Execution. | [email protected] | 9.8 | 40.01% | 2019-07-02 | 2026-06-16 |
| CVE-2019-7268 | Linear eMerge 50P/5000P devices allow Unauthenticated File Upload. | [email protected] | 10.0 | 6.48% | 2019-07-02 | 2026-06-16 |
| CVE-2019-7267 | Linear eMerge 50P/5000P devices allow Cookie Path Traversal. | [email protected] | 9.8 | 21.45% | 2019-07-02 | 2026-06-16 |
| CVE-2019-7266 | Linear eMerge 50P/5000P devices allow Authentication Bypass. | [email protected] | 9.8 | 4.63% | 2019-07-02 | 2026-06-16 |
| CVE-2019-7265 | Linear eMerge E3-Series devices allow Remote Code Execution (root access over SSH). | [email protected] | 9.8 | 23.12% | 2019-07-02 | 2026-06-16 |